{"id":15921,"date":"2025-11-01T16:51:29","date_gmt":"2025-11-01T15:51:29","guid":{"rendered":"https:\/\/haimagazine.com\/uncategorized\/aardvark-automated-security-screening\/"},"modified":"2025-11-03T15:30:48","modified_gmt":"2025-11-03T14:30:48","slug":"aardvark-automated-security-screening","status":"publish","type":"post","link":"https:\/\/haimagazine.com\/en\/safety-2\/aardvark-automated-security-screening\/","title":{"rendered":"\ud83d\udd12 Aardvark: automated security screening"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Software security remains one of the most challenging areas in technology. Every year, tens of thousands of new vulnerabilities are found in corporate and open-source codebases. Security teams face the task of finding and patching these vulnerabilities before attackers can exploit them. OpenAI is working to tip the scales in favor of the defenders.<\/p><p class=\"wp-block-paragraph\">That&#8217;s why the company announced the launch of Aardvark, a security research agent powered by GPT-5. Aardvark is currently in a private beta intended to validate and refine its capabilities while it helps developer and security teams identify and fix security vulnerabilities.<\/p><h4 class=\"wp-block-heading\"><strong>How does Aardvark work?<\/strong><\/h4><p class=\"wp-block-paragraph\">Aardvark continuously analyzes source code repositories to pinpoint vulnerabilities, assess their exploitability, prioritize them by severity, and propose targeted fixes.<\/p><p class=\"wp-block-paragraph\">Its approach differs from traditional program analysis techniques such as fuzzing or software composition analysis. Instead, Aardvark relies on LLM-based reasoning and tool use to understand how the code behaves. 
It approaches bug finding much as a human researcher would: it reads the code, analyzes it, writes and runs tests, and uses the available tools.<\/p><figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"644\" src=\"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/11\/Zrzut-ekranu-2025-11-1-o-16.37.48-1024x644.png\" alt=\"\" class=\"wp-image-15886\" srcset=\"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/11\/Zrzut-ekranu-2025-11-1-o-16.37.48-1024x644.png 1024w, https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/11\/Zrzut-ekranu-2025-11-1-o-16.37.48-300x189.png 300w, https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/11\/Zrzut-ekranu-2025-11-1-o-16.37.48-768x483.png 768w, https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/11\/Zrzut-ekranu-2025-11-1-o-16.37.48-600x377.png 600w, https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/11\/Zrzut-ekranu-2025-11-1-o-16.37.48.png 1260w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: OpenAI<\/figcaption><\/figure><p class=\"wp-block-paragraph\">Aardvark&#8217;s process has several stages. It starts by <strong>analyzing<\/strong> the entire repository to build a threat model that captures the program&#8217;s goals and security design. Then it moves on to <strong>scanning commits<\/strong>: as new code is introduced, Aardvark scans the changes against the whole repository and the threat model (after first connecting to a repository, the agent also scans its history). It explains each vulnerability it finds step by step and annotates the affected code for human verification. The third stage is <strong>validation<\/strong>: after identifying a potential vulnerability, Aardvark attempts to trigger it in an isolated, sandboxed test environment to confirm that it is genuinely exploitable, so that the findings reaching engineers are confirmed rather than speculative. 
Finally comes <strong>patching<\/strong>: Aardvark integrates with OpenAI Codex to help fix the vulnerabilities it finds. Each finding is accompanied by a patch generated and scanned by Codex, ready for human review.<\/p><p class=\"wp-block-paragraph\">The agent works alongside engineers, integrating with GitHub, Codex and existing workflows to deliver clear, actionable findings without slowing down software development. While Aardvark focuses on security, during testing it has also surfaced other issues, such as logic flaws, incomplete fixes and privacy concerns.<\/p><h4 class=\"wp-block-heading\"><strong>Real results and support for open source<\/strong><\/h4><p class=\"wp-block-paragraph\">Aardvark has been running for several months, scanning both OpenAI&#8217;s internal codebases and those of external alpha partners. Inside OpenAI, it uncovered significant vulnerabilities and helped strengthen the company&#8217;s defenses. Partners have highlighted the depth of its analysis: Aardvark found issues that only occur under complex conditions. In benchmark tests on golden repositories, the agent identified 92% of the known and synthetically introduced vulnerabilities.<\/p><p class=\"wp-block-paragraph\">Aardvark has also been run against open-source projects, where it uncovered numerous vulnerabilities that were responsibly disclosed; ten of them have received CVE identifiers.<\/p><p class=\"wp-block-paragraph\">Building on decades of open research and responsible disclosure, OpenAI plans to support the ecosystem by offering pro-bono scanning for selected non-commercial open-source repositories. 
They have also recently updated their coordinated disclosure policy to take a developer-friendly approach, emphasizing collaboration over rigid deadlines that can put maintainers under pressure.<\/p><h4 class=\"wp-block-heading\"><strong>Why is this significant?<\/strong><\/h4><p class=\"wp-block-paragraph\">Software is the backbone of every industry, which means its vulnerabilities pose a systemic risk to businesses, infrastructure and society. In 2024 alone, over 40,000 CVEs were reported. OpenAI&#8217;s testing indicates that about 1.2% of commits introduce bugs, small changes that can have outsized consequences.<\/p><p class=\"wp-block-paragraph\">Aardvark represents a new, defender-focused model: a security research agent that works with teams to provide continuous protection as the code evolves. By catching vulnerabilities early, validating that they are actually exploitable and offering clear fixes, Aardvark can raise security without slowing down innovation.<\/p><p class=\"wp-block-paragraph\">The company is starting with a private beta and will expand access as it gains experience. Organizations and open-source projects interested in joining can apply now.<\/p>","protected":false},"excerpt":{"rendered":"<p>OpenAI is launching Aardvark in private beta, an AI agent based on GPT-5. 
Its mission is to automatically detect software security vulnerabilities at scale and help fix them.<\/p>\n","protected":false},"author":230,"featured_media":15889,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"rank_math_lock_modified_date":false,"footnotes":""},"categories":[837],"tags":[],"popular":[],"difficulty-level":[],"ppma_author":[884],"class_list":["post-15921","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-safety-2"],"acf":[],"authors":[{"term_id":884,"user_id":230,"is_guest":0,"slug":"karolina-ceron","display_name":"Karolina Cero\u0144","avatar_url":"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/07\/PXL_20250419_110132091.MP4-scaled.jpg","first_name":"Karolina","last_name":"Cero\u0144","user_url":"","job_title":"","description":"Co-creator of the AI Flash newsletter, psychology student and artificial intelligence enthusiast. 
I am interested in the impact of new technologies on people, and in my free time I experiment with generative graphics in Midjourney."}],"_links":{"self":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/15921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/users\/230"}],"replies":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/comments?post=15921"}],"version-history":[{"count":1,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/15921\/revisions"}],"predecessor-version":[{"id":15922,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/15921\/revisions\/15922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/media\/15889"}],"wp:attachment":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/media?parent=15921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/categories?post=15921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/tags?post=15921"},{"taxonomy":"popular","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/popular?post=15921"},{"taxonomy":"difficulty-level","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/difficulty-level?post=15921"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/ppma_author?post=15921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}